Signature Detail

DB: PostgreSQL Bit Substring Buffer Overflow

This signature detects malformed SQL queries within a PostgreSQL request. A buffer overflow vulnerability exists in the PostgreSQL database server. The vulnerability is due to an error when executing the SQL substring function with malicious input. A remote authenticated attacker could leverage this vulnerability by sending a crafted SQL query to a target server. Successful exploitation could lead to the execution of arbitrary code on the target server.

Extended Description

PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. PostgreSQL 8.0.23 is vulnerable; other versions may also be affected.

Affected Products

• Avaya aura_application_enablement_services 5.2
• Avaya aura_application_enablement_services 5.2.1
• Avaya aura_communication_manager 5.1
• Avaya aura_communication_manager 5.2
• Avaya aura_communication_manager 5.2.1
• Avaya aura_presence_services 6.0
• Avaya aura_session_manager 1.1
• Avaya aura_session_manager 5.2
• Avaya aura_session_manager 6.0
• Avaya aura_sip_enablement_services 3.1
• Avaya aura_sip_enablement_services 3.1.0
• Avaya aura_sip_enablement_services 3.1.1
• Avaya aura_sip_enablement_services 4.0
• Avaya aura_sip_enablement_services 5.0
• Avaya aura_sip_enablement_services 5.1
• Avaya aura_sip_enablement_services 5.2
• Avaya aura_sip_enablement_services 5.2.1
• Avaya aura_system_manager 5.2
• Avaya aura_system_manager 6.0 SP1
• Avaya intuity_audix_lx 2.0
• Avaya intuity_audix_lx 2.0 SP1
• Avaya intuity_audix_lx 2.0 SP2
• Avaya meeting_exchange 5.0
• Avaya meeting_exchange 5.1
• Avaya meeting_exchange 5.2
• Avaya meeting_exchange 5.2 SP1
• Avaya message_networking 5.2
• Avaya message_networking MN 3.1
• Avaya voice_portal 4.0
• Avaya voice_portal 4.1
• Avaya voice_portal 4.1 SP1
• Avaya voice_portal 4.1 SP2
• Avaya voice_portal 5.0
• Avaya voice_portal 5.0 SP1
• Avaya voice_portal 5.0 SP2
• Avaya voice_portal 5.1
• Debian linux 5.0
• Debian linux 5.0 Alpha
• Debian linux 5.0 Amd64
• Debian linux 5.0 Arm
• Debian linux 5.0 Armel
• Debian linux 5.0 Hppa
• Debian linux 5.0 Ia-32
• Debian linux 5.0 Ia-64
• Debian linux 5.0 M68k
• Debian linux 5.0 Mips
• Debian linux 5.0 Mipsel
• Debian linux 5.0 Powerpc
• Debian linux 5.0 S/390
• Debian linux 5.0 Sparc
• Gentoo linux
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Mandriva enterprise_server 5
• Mandriva enterprise_server 5 X86 64
• Mandriva linux_mandrake 2008.0
• Mandriva linux_mandrake 2008.0 X86 64
• Mandriva linux_mandrake 2009.0
• Mandriva linux_mandrake 2009.0 X86 64
• Mandriva linux_mandrake 2009.1
• Mandriva linux_mandrake 2009.1 X86 64
• Mandriva linux_mandrake 2010.0
• Mandriva linux_mandrake 2010.0 X86 64
• Pardus linux_2009
• Postgresql postgresql 8.0.23
• Red_hat desktop 3.0.0
• Red_hat enterprise_linux 5 Server
• Red_hat enterprise_linux Desktop Version 4
• Red_hat enterprise_linux_as 3
• Red_hat enterprise_linux_as 4
• Red_hat enterprise_linux_desktop 5 Client
• Red_hat enterprise_linux_desktop_workstation 5 Client
• Red_hat enterprise_linux_es 3
• Red_hat enterprise_linux_es 4
• Red_hat enterprise_linux_ws 3
• Red_hat enterprise_linux_ws 4
• Ubuntu ubuntu_linux 6.06 LTS Amd64
• Ubuntu ubuntu_linux 6.06 LTS I386
• Ubuntu ubuntu_linux 6.06 LTS Powerpc
• Ubuntu ubuntu_linux 6.06 LTS Sparc
• Ubuntu ubuntu_linux 8.04 LTS Amd64
• Ubuntu ubuntu_linux 8.04 LTS I386
• Ubuntu ubuntu_linux 8.04 LTS Lpia
• Ubuntu ubuntu_linux 8.04 LTS Powerpc
• Ubuntu ubuntu_linux 8.04 LTS Sparc
• Ubuntu ubuntu_linux 9.04 Amd64
• Ubuntu ubuntu_linux 9.04 I386
• Ubuntu ubuntu_linux 9.04 Lpia
• Ubuntu ubuntu_linux 9.04 Powerpc
• Ubuntu ubuntu_linux 9.04 Sparc
• Ubuntu ubuntu_linux 9.10 Amd64
• Ubuntu ubuntu_linux 9.10 I386
• Ubuntu ubuntu_linux 9.10 Lpia
• Ubuntu ubuntu_linux 9.10 Powerpc
• Ubuntu ubuntu_linux 9.10 Sparc

References

• BugTraq: 37973
• CVE: CVE-2010-0442